Alexander A. Klimov
1343fd538d
Start ApiListener#SyncClient() in the thread pool
...
... not hosting the coroutines not to block them.
Otherwise a large replay log would block messages sending
until the peer disconnects us.
2020-11-24 17:25:43 +01:00
Alexander Aleksandrovič Klimov
3dcc6c32f3
Merge pull request #8479 from Icinga/bugfix/close-anonymous-connections
...
Close anonymous connections after 10 seconds
2020-11-24 16:44:09 +01:00
Julian Brost
2a2924855f
Merge pull request #7922 from Icinga/feature/http-status-codes-in-icinga-mainlog-7053
...
Include HTTP status codes in log
2020-11-24 16:35:58 +01:00
Julian Brost
da407660f2
Merge pull request #8500 from Icinga/bugfix/config-sync-only-remove-files-if-timestamp-changed
...
Config sync: Only remove files, if timestamp changed
2020-11-24 16:34:12 +01:00
Julian Brost
c154d4d50e
Merge pull request #8466 from Icinga/feature/one-connection
...
ApiListener#NewClientHandlerInternal(): reject connections from already connected endpoints
2020-11-24 16:33:15 +01:00
Noah Hilverling
83b4d8e69d
Config sync: Only remove files, if timestamp changed
2020-11-24 10:44:38 +01:00
Alexander Aleksandrovič Klimov
39bc1590f6
Merge pull request #8440 from Icinga/bugfix/message-routing-for-global-zones
...
Fix cluster message routing for global zones
2020-11-24 10:41:17 +01:00
Alexander Aleksandrovič Klimov
e84a4a290d
Merge pull request #8450 from Icinga/bugfix/do-not-accept-api-updates-for-unknown-zone
...
API: Don't accept object updates for unknown global zone
2020-11-24 10:40:20 +01:00
Julian Brost
70c9d49ebc
ApiListener: merge new config validation and activation functions
...
Merge AsyncTryActivateZonesStage and TryActivateZonesStageCallback and
name the result TryActivateZonesStage. The old split was a leftover from
the one being a callback function with no actual meaningful separation.
2020-11-17 09:37:13 +01:00
Noah Hilverling
2d1980c10d
Merge pull request #8476 from Icinga/docs/api-action-api-function
...
Clarify difference between API actions and functions in their docstrings
2020-11-17 08:17:05 +01:00
Julian Brost
e4610e7dbd
Use std::mutex instead of Spinlock
2020-11-16 17:38:03 +01:00
Julian Brost
74b65f1642
API filesync: wait for validation process to exit
...
This avoids having to pass a lock implicitly using the captured variables
of a lambda.
2020-11-16 17:10:57 +01:00
Julian Brost
d1edcb909c
Close anonymous connections after 10 seconds
...
Anonymous connections are normally only used for requesting a
certificate and are closed after this request is received. However, the
request is only sent if the child has successfully verified the
certificate of its parent so that it is an authenticated connection from
its perspective. In case this verification fails, both ends view it as
an anonymous connection and never actually use it but attempt a
reconnect after 10 seconds leaking the connection. Therefore close it
after a timeout.
2020-11-12 18:01:11 +01:00
Alexander Aleksandrovič Klimov
8ca765d730
Merge pull request #8455 from Icinga/bugfix/replay-object-deletion
...
Log config object deletions to replay log
2020-11-12 15:08:55 +01:00
Julian Brost
01a278bb5e
Clarify difference between API actions and functions in their docstrings
2020-11-12 14:23:41 +01:00
Noah Hilverling
5f6042d92f
Fix 'emoving' typo
2020-11-09 16:35:16 +01:00
Julian Brost
cb476172ec
Fix cluster message routing for global zones
...
RelayMessageOne used to relay the message only to one other endpoint for
other zones, which is fine, as long as the target zone is a child/parent
zone but breaks if the target zone is a global one. In this case, the
message has to be forwarded within the local zone as well as to one node
in each child zone.
2020-11-09 15:43:43 +01:00
Julian Brost
be53b0af9e
Log config object deletions to replay log
...
The initial config object sync for each new connection (in
`ApiListener::SendRuntimeConfigObjects()`) only considers currently
existing objects and has no way to pass the information that objects
were deleted in the meantime.
This commit logs config object deletions to the replay log if required
so that there is a chance that it will be propagated to nodes that were
offline when the deletion happened.
Note that this can only be considered a workaround as the replay log
might be pruned or could even be completely disabled. Also, there still
seems to be a race-condition between the config sync and replay log of
multiple new connections at the same time.
2020-11-09 14:09:44 +01:00
Alexander A. Klimov
29e5d7def7
Include HTTP status codes in log
...
refs #7053
2020-11-09 10:20:13 +01:00
Noah Hilverling
8ba5f72533
API: Don't accept object updates for unknown zone
2020-11-06 17:27:10 +01:00
Alexander Aleksandrovič Klimov
1450e1bb7f
Merge pull request #8108 from Icinga/bugfix/api-incorrect-response-header-6747
...
API: Send Content-Type as api response header too
2020-11-03 18:50:31 +01:00
Alexander Aleksandrovič Klimov
939f4591a4
Merge pull request #8087 from Icinga/bugfix/log-cout-permission-error-8086
...
Display Logmessage if a permission error occurs
2020-11-03 17:23:06 +01:00
Yonas Habteab
488e6bfb67
HTTP Request: Log an exception message if an error occurs
2020-11-02 15:01:48 +01:00
Alexander Aleksandrovič Klimov
1e281b060a
Merge pull request #7952 from Icinga/fix/SO_REUSEPORT-optional
...
apilistener: Make SO_REUSEPORT optional
2020-10-29 15:56:56 +01:00
Alexander A. Klimov
bb851b0558
Merge branch 'master' into feature/v1-actions-execute-command-8034
2020-10-28 18:37:08 +01:00
Alexander A. Klimov
38110e55d3
ApiListener#NewClientHandlerInternal(): reject connections from already connected endpoints
2020-10-26 15:20:58 +01:00
Alexander Aleksandrovič Klimov
a32c1bf910
Merge pull request #7864 from Icinga/bugfix/icinga2-doesn-t-close-connections-7203
...
Add timeout for boost::asio::ssl::stream#async_shutdown()
2020-10-19 15:25:12 +02:00
Alexander A. Klimov
40ac05c182
Introduce Endpoint#capabilities
...
refs #8034
2020-10-19 13:04:20 +02:00
Alexander Aleksandrovič Klimov
f60ae93717
Merge pull request #7870 from Icinga/bugfix/last-zone-sync-stage-validation-failed-7642
...
Clear ApiListener#last_failed_zones_stage_validation on config::Update if config not changed
2020-10-19 12:31:01 +02:00
Alexander Aleksandrovič Klimov
4bb6f4c910
Merge pull request #8364 from Icinga/bugfix/configsyncstagelock-unlock-owner-213
...
Make ApiListener::m_ConfigSyncStageLock a SpinLock
2020-10-14 16:01:00 +02:00
Alexander A. Klimov
fbfa931b31
Clear ApiListener#last_failed_zones_stage_validation on config::Update if config not changed
...
refs #7642
2020-10-14 12:17:14 +02:00
Alexander A. Klimov
a083635de4
Make ApiListener::m_ConfigSyncStageLock a SpinLock
2020-10-14 10:47:08 +02:00
Julian Brost
e04d618ede
Catch exceptions in the thread running HandleConfigUpdate
...
With dc3062a9b0, exceptions in this code
path were no longer caught properly. This commit restores exception
handling for this function.
2020-10-13 14:07:44 +02:00
Yonas Habteab
3f3e04eb69
Allow to create api user w/ password
...
fixes #8164
2020-10-09 20:15:44 +02:00
mcodato
730075a177
Merge pull request #1 from Al2Klimov/version
...
Introduce Endpoint#icinga_version
2020-08-05 09:23:28 +02:00
Noah Hilverling
a615b2126e
Merge pull request #8142 from Icinga/bugfix/don-not-close-connection-on-missing-heartbeat-8095
...
Remove all codes related to the heartbeat timeout
2020-07-29 15:33:22 +02:00
Noah Hilverling
97fc70ccb2
Merge pull request #7836 from Icinga/bugfix/jsonrpcconnection-m_seen
...
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
2020-07-29 15:02:48 +02:00
Yonas Habteab
964a90fa4b
Remove all codes related to the heartbeat timeout
...
Until now, if the timeout is exceeded, the connection is immediately terminated.
But since we do not want to disconnect even if the timeout is exceeded, it is
better to send the messages without timeout and have deleted everything that
is related to the heartbeat timeout. We also have another mechanism in
JRPC::CheckLiveness that does the disconnect.
2020-07-29 14:27:55 +02:00
Noah Hilverling
9f57e895f1
Merge pull request #8102 from Icinga/bugfix/send-heartbeat-less-often-8098
...
Send heartbeat every 20s and not 10s
2020-07-21 09:46:33 +02:00
Yonas Habteab
df2d30e6af
Send Content-Type as api response header too
2020-07-10 10:42:55 +02:00
Yonas Habteab
cf5ec5e341
Send heartbeat every 20s and not 10s
2020-07-09 13:22:08 +02:00
Alexander A. Klimov
645dcbdc9e
Introduce Endpoint#icinga_version
...
... and set it to e.g. 21200 via icinga::Hello.
2020-07-07 18:24:06 +02:00
Mattia Codato
b07471d803
AuthenticatedApiUser name refactor
2020-07-03 11:17:36 +02:00
Mattia Codato
08c6e9bc42
Make authenticatedApiUser a static property of ActionsHandler
2020-07-03 11:00:40 +02:00
Mattia Codato
27a6fd6b40
Get API user from ActionsHandler
2020-07-03 10:16:23 +02:00
Benjamin Groeber
cc6fa66ba6
Allow apiactions to return success http codes different from 200
2020-06-23 11:52:22 +02:00
Alexander A. Klimov
19c632e44b
Add timeout for boost::asio::ssl::stream#async_shutdown()
...
refs #7203
2020-06-17 10:33:35 +02:00
Alexander A. Klimov
647f1547a9
Generalize I/O timeout emulation
2020-06-17 10:31:40 +02:00
Noah Hilverling
84b052b314
Merge pull request #7926 from Icinga/bugfix/jsonrpcconnection-handleandwriteheartbeats-m_endpoint-getname
...
JsonRpcConnection#HandleAndWriteHeartbeats(): check !!#m_Endpoint
2020-06-03 15:46:38 +02:00
Noah Hilverling
d5d89b7f39
Merge pull request #7970 from Icinga/bugfix/reconnect-loop
...
RequestCertificateHandler(): don't disconnect nodes already integrated into the cluster
2020-04-27 13:05:22 +02:00
Alexander A. Klimov
5a5cf1a2eb
RequestCertificateHandler(): don't disconnect nodes already integrated into the cluster
...
... not to cause a reconnect loop.
2020-04-08 13:29:55 +02:00
Alexander Aleksandrovič Klimov
2e22ceb23e
Merge pull request #7936 from Icinga/bugfix/config-sync-failed-reload-7742
...
ApiListener::ConfigUpdateHandler(): make the whole process mutually exclusive
2020-04-07 15:55:14 +02:00
Markus Frosch
b5fa7569f2
apilistener: Make SO_REUSEPORT optional
2020-03-31 18:03:59 +02:00
Michael Insel
51e534ff4c
Fix CA verification regression
...
Uninitialized bool values may evaluate to true while it should be false.
2020-03-29 16:05:29 +02:00
Alexander A. Klimov
38f3108c1a
ApiListener::HandleConfigUpdate(): make the whole process mutually exclusive
...
refs #7742
2020-03-23 17:33:14 +01:00
Alexander A. Klimov
dc3062a9b0
ApiListener::ConfigUpdateHandler(): block as little as possible
...
refs #7742
2020-03-23 17:31:59 +01:00
Alexander A. Klimov
5e7a675009
JsonRpcConnection#HandleAndWriteHeartbeats(): check !!#m_Endpoint
2020-03-18 11:58:27 +01:00
Noah Hilverling
4c9e4959f3
Merge pull request #7823 from Icinga/bugfix/unify-application-start-times
...
Fix timing point for Application::GetStartTime() (related to command endpoint grace period)
2020-03-09 09:45:57 +01:00
Noah Hilverling
c9ab04d511
Merge pull request #7841 from Icinga/bugfix/jsonrpcconnection-sendmessage-keepalive
...
JsonRpcConnection#Send*Message(): keep this alive
2020-03-03 10:46:33 +01:00
Michael Friedrich
13d2416e29
Fix regression from JsonRPC PKI CA verification checks
...
refs #7835
2020-02-27 12:31:02 +01:00
Michael Friedrich
456b0779bb
JsonRpcConnection PKI: Document swallowed exception
2020-02-20 15:15:54 +01:00
Alexander A. Klimov
0f84ce0470
Consider a JsonRpcConnection being seen on a single byte of TLS payload, not only a whole message
2020-02-19 11:11:53 +01:00
Michael Friedrich
a91b9f2ddf
Pki: Extend GetCertificateInformation() with version, serial, signature algorithm, SANs
2020-02-17 17:44:10 +01:00
Michael Friedrich
24397fbee8
CA Proxy: Catch exceptions from VerifyCertificate()
2020-02-17 17:43:11 +01:00
Alexander A. Klimov
fbce756007
JsonRpcConnection#Send*Message(): keep this alive
2020-02-17 16:12:07 +01:00
Michael Friedrich
d53eb34520
Unify Application::GetStartTime() and drop GetMainTime()
...
This essentially moves the start time into the scope when main
starts to "do something", after the reload and configuration handling
is done.
2020-02-11 17:26:15 +01:00
Michael Friedrich
d99f76bdae
Merge pull request #7767 from Icinga/bugfix/replay-log-windows-rename
...
Ensure that log replay files are properly renamed on Windows
2020-02-10 11:42:25 +01:00
Michael Friedrich
8324970ab9
Merge pull request #7809 from Icinga/bugfix/handshake-timeout-7805
...
Close connections w/o successful TLS handshakes during 10s
2020-02-07 16:01:30 +01:00
Michael Friedrich
7488d2614b
Merge pull request #7811 from Icinga/bugfix/config-sync-log
...
Cluster config sync: Use a more friendly message when configs are equal and don't need a reload
2020-02-06 14:32:46 +01:00
Alexander A. Klimov
35c9f2e7b3
Close connections w/o successful TLS handshakes during 10s
...
refs #7805
2020-02-05 15:53:56 +01:00
Michael Friedrich
cdfc6e6f50
Cluster config sync: Use a more friendly message when configs are equal and don't need a reload
...
This also adds an entry to the troubleshooting docs.
2020-02-05 15:31:41 +01:00
Michael Friedrich
0da46c1d4b
Ensure that log replay files are properly renamed on Windows
...
rename() without _unlink() before doesn't work on Windows.
This commit also adds an error message which was swallowed
previously.
2020-01-20 11:41:43 +01:00
Alexander A. Klimov
3d841d5f64
Don't send event::Heartbeat to unauthenticated peers
...
refs #7746
2020-01-13 11:21:38 +01:00
Michael Insel
9d55a8264d
Fix open connections when agent waits for CA approval
...
This closes the agent connection when the certificate sign requests
waits for CA approval.
refs #7680
2019-12-03 21:19:39 +01:00
Matthias Baur
177c45d787
Improve error message for POST queries
...
If the user does a POST query but forgets to add the
'X-HTTP-Method-Override: GET' HTTP header, the error message was
misleading. This changes the error message to a more detailed message
which might give the user a better understanding what the problem
could be.
Fixes #7675.
2019-12-03 11:39:40 +01:00
Michael Insel
859658ab98
Fix TLS context copies in ApiListener
...
This avoids copying the TLS context in the ApiListener class and removes
the obsolete variable.
This is a follow-up from #7654
2019-11-29 16:03:38 +01:00
Michael Insel
8431ea52ee
Make SSL context const again
...
Turns out that the switch to the class member variable inside the lambda
expression is sufficient to fix the issue.
2019-11-25 23:42:32 +01:00
Michael Insel
016a6c3f25
Fix ApiListener const SSL context
...
This makes the SSL context in ApiListener::SpawnCoroutine non-const to
address an issue when an agent receives a signed certificate from the
master and tries to update the SSL context. This also uses the class
member variable which is captured by `this` in the lambda expression.
fixes #7650
2019-11-25 22:21:09 +01:00
Michael Friedrich
b1787883f7
Merge pull request #7535 from tigercomputing/Icinga/feature/config-stage-activate-parameter
...
API /v1/config/stages 'activate' parameter
2019-11-15 12:58:03 +01:00
Michael Friedrich
38080405df
Merge pull request #7528 from Icinga/bugfix/api-put-error-handling
...
API: Handle permission exceptions soon enough, returning 404
2019-11-15 11:53:59 +01:00
Alexander A. Klimov
f601ba51e0
Revert "Eventqueue: Remove unused code"
...
This reverts commit a7873da89d.
2019-11-02 14:00:23 +01:00
Michael Friedrich
cb20b4829a
Cluster Config Sync: Check the timestamp prior to config file checksums
...
Otherwise old configuration received from a secondary master/satellite
could always trigger a config change & reload.
2019-10-22 14:07:10 +02:00
Alexander A. Klimov
aa4cad7482
Replace std::shared_ptr<Expression> with Expression::Ptr
...
refs #7361
2019-10-21 17:10:51 +02:00
Alexander A. Klimov
ba1ce9c853
Replace std::shared_ptr<boost::asio::ssl::context> with Shared<boost::asio::ssl::context>::Ptr
2019-10-21 16:12:46 +02:00
Alexander A. Klimov
a1fef92835
Replace std::shared_ptr<boost::asio::ip::tcp::acceptor> with Shared<boost::asio::ip::tcp::acceptor>::Ptr
2019-10-21 16:12:46 +02:00
Alexander A. Klimov
a1683568a1
Replace std::shared_ptr<AsioTlsStream> with Shared<AsioTlsStream>::Ptr
2019-10-21 16:12:35 +02:00
Michael Friedrich
e7c07062f8
Avoid syncing .authoritative marker received from < 2.11 parent nodes
2019-10-02 10:49:02 +02:00
Chris Boot
aece8d61e2
Introduce 'activate' parameter to config stage handling
...
This functionality allows a stage to be uploaded and validated as
normal, but not activated. This is useful to pre-flight an Icinga config
package before it is applied to a monitoring cluster, for example in a
CI pipeline.
2019-09-24 17:17:19 +01:00
Michael Friedrich
f419efd778
API: Handle permission exceptions soon enough, returning 404
...
fixes #7513
2019-09-23 09:48:50 +02:00
Michael Friedrich
eddb40a913
CSR Auto-signing: Add debug logging for skipped signing
2019-09-18 11:53:58 +02:00
Michael Friedrich
d3eb62301e
API: Add AES128-GCM-SHA256 compatible cipher for el6
...
fixes #7501
2019-09-16 14:19:22 +02:00
Michael Friedrich
9ec246a2f4
Revert: Always reset Boost beast buffer in HttpServerConnection#ProcessMessages #7476
...
Not a simple revert but also adds a comment for the buffer.
refs #7476
2019-09-12 17:00:17 +02:00
Michael Friedrich
2c0e0da2d9
Introduce IoEngine::SpawnCoroutine wrapping asio::spawn and Boost exceptions
...
This is required to
- catch all exceptions and wrap them into Boost exceptions. They
are the only ones allowed with Boost.Coroutine.
- set a dedicated coroutine stack size for Windows.
refs #7431
2019-09-09 16:40:35 +02:00
Michael Friedrich
5fa7331cc9
Quality: Replace deprecated Boost IO service code
...
https://github.com/boostorg/asio/issues/110
https://www.boost.org/doc/libs/1_66_0/doc/html/boost_asio/example/cpp03/services/logger_service.hpp
2019-09-09 15:27:57 +02:00
Alexander A. Klimov
0a9563b3db
HttpServerConnection#ProcessMessages(): avoid I/O if shutting down
...
refs #7431
2019-09-09 13:37:44 +02:00
Alexander A. Klimov
b85b8b9697
HttpServerConnection#ProcessMessages(): avoid I/O after boost::asio::error::operation_aborted
...
refs #7431
2019-09-09 13:29:47 +02:00
Alexander A. Klimov
dfaeb88ac3
{HttpServer,JsonRpc}Connection#Disconnect(): cancel I/O ops ASAP
...
refs #7431
2019-09-09 13:11:51 +02:00
Michael Friedrich
b3c48e7520
Merge pull request #7485 from Icinga/bugfix/api-disconnect-defer
...
Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines
2019-09-09 11:41:34 +02:00
Michael Friedrich
c5aa978912
Rewrite error handling in HttpServerConnection#EnsureValidHeaders()
...
Throwing local exceptions unnecessarily pollutes the exception
stack with immediate unwinding. Avoid this pattern at all cost within
Boost.Coroutines. MSVC may handle exceptions differently and cause
problems with stack unwinding.
refs #7431
refs #7351
2019-09-09 11:03:21 +02:00
Michael Friedrich
17d4d17307
Avoid the Defer-Disconnect destructor pattern with Boost.Coroutines
...
Exceptions in Disconnect() might be thrown (this has been reworked
into error_code locally) which are swallowed inside the Destructor
for being dangerous. On the other hand, swallowing them may
corrupt the stack unwinding operation from the coroutine layer.
The best is to avoid Defer inside lib/remote and call Disconnect()
directly after breaking from other operations.
refs #7351
refs #7431
2019-09-09 10:57:13 +02:00